https://techcrunch.com/2018/09/19/hackers-have-planted-credit-card-stealing-malware-on-local-government-payment-sites/

Security firm FireEye has confirmed that a widely used web payment portal used to pay for local government services, like utilities and permits, has been targeted by hackers.

Hackers have broken into self-hosted Click2Gov servers operated by local governments across the US, likely using a vulnerability in the portal’s web server that allowed the attacker to upload malware to siphon off payment card data over a period of “weeks to numerous months,” Nick Richard, FireEye’s principal threat intelligence analyst, told TechCrunch.